hazekamp shows using an external script named long2ip. Hazekamp, would you mind sharing the contents of long2ip.py so I can learn from it?
In trying and failing to reproduce long2ip.py by example, this is what I have done:
http://python-iptools.readthedocs.org/en/latest/#iptools.long2ip
I installed iptools and created a py file as simple as possible trying to follow the most simple examples that came with splunk.
long2ip.py returns the expected result at the command line if I comment out the splunk specific lines:
python long2ip.py
127.0.0.1
but when running from within splunk
index="passivecidr" decip="*"|fields + decip|long2ip
I get error code 1, instead of what I would expect, a 127.0.0.1 for every search result.
long2ip.py is located in $SPLUNK_HOME/etc/apps/search/bin dir and this is v5.0.1
In $SPLUNK_HOME/etc/apps/search/local/commands.conf
[long2ip]
filename = long2ip.py
streaming = true
retainsevents = true
overrides_timeorder = false
# Copyright (C) 2005-2012 Splunk Inc. All Rights Reserved. Version 4.0
import sys,splunk.Intersplunk
import iptools
try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
    newresults = []
    newresults = iptools.long2ip(2130706433)
except:
    import traceback
    stack = traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
splunk.Intersplunk.outputResults(newresults)
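An added example, not the poster's or hazekamp's long2ip.py: a per-event conversion of the `decip` field from the search above, using only the standard library and returning a list of dicts, which is the shape `splunk.Intersplunk.outputResults` takes. The function names, the `ip` and `ip_error` output fields, and the sample events are assumptions constructed for illustration.

```python
import socket
import struct

MAX_IPV4 = 0xFFFFFFFF  # largest value that fits in a 32-bit IPv4 address


def long2ip(value):
    """Convert a decimal IPv4 value (int or numeric string) to dotted-quad.

    Raises ValueError for non-numeric or out-of-range input.
    """
    try:
        number = int(str(value).strip())
    except (TypeError, ValueError):
        raise ValueError("not a decimal integer: %r" % (value,))
    if not 0 <= number <= MAX_IPV4:
        raise ValueError("outside IPv4 range: %d" % number)
    # "!L" packs an unsigned 32-bit integer in network byte order.
    return socket.inet_ntoa(struct.pack("!L", number))


def annotate_results(results, src_field="decip", dst_field="ip"):
    """Return a new list of event dicts with dst_field added where possible.

    Events without src_field pass through unchanged; events with a bad
    value keep all their fields and gain a '<dst_field>_error' field.
    """
    annotated = []
    for event in results:
        row = dict(event)  # copy so the caller's events are not modified
        raw = row.get(src_field)
        if raw not in (None, ""):
            try:
                row[dst_field] = long2ip(raw)
            except ValueError as exc:
                row[dst_field + "_error"] = str(exc)
        annotated.append(row)
    return annotated


# Constructed sample events; field values arrive from Splunk as strings.
SAMPLE_RESULTS = [
    {"decip": "2130706433"},
    {"decip": "3232235777", "host": "sensor1"},
    {"decip": "4294967296"},
    {"decip": "n/a"},
    {"host": "sensor2"},
]

if __name__ == "__main__":
    for row in annotate_results(SAMPLE_RESULTS):
        print(row)
```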